What is Hidexls and removal instructions
Hidexls is a trojan that hides all Microsoft Excel documents on the C: drive. It also disables Registry Editor and Command Prompt. Furthermore, the parasite hides the Search and Run tools, modifies some system settings and turns off the display of hidden files. Hidexls secretly runs on every Windows startup. It can also run in Windows Safe Mode.
Hidexls manual removal:
Kill processes: data uang.exe, excel optimise.exe, isassi.exe, keuangan.exe, system32.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mymoney
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\systemregistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\systrays
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mymoney
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemregistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systrays
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell=%System%\isassi.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell=%System%\isassi.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell=%System%\isassi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
Delete files: data uang.exe, excel optimise.exe, isassi.exe, keuangan.exe, system32.exe, msvbvm60.dll, autoexec.bat
Delete directories:
C:\WINDOWS\System32\Systim
C:\WINNT\System32\Systim
C:\WINDOWS\System32\CatRoot\
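A read-only check for the registry values and process names listed above, as an added PowerShell example that is not part of the original instructions. The helper name Get-HidexlsHit is hypothetical; policy values are reported only when set to 1 and AlternateShell only when its data ends in isassi.exe, matching the data shown in the list.

```powershell
# Added example: read-only audit for the Hidexls indicators listed above.
# Nothing is deleted or changed; the script only reports what it finds.

# Hypothetical helper: returns a record when $Name exists under $Path and its
# data matches $Pattern (default '*' means presence alone counts).
function Get-HidexlsHit {
    param([string]$Path, [string]$Name, [string]$Pattern = '*')
    $props = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return }    # key or value is absent
    $data = $props.$Name
    if ("$data" -like $Pattern) {
        [pscustomobject]@{ Key = $Path; Value = $Name; Data = $data }
    }
}

$run = 'Software\Microsoft\Windows\CurrentVersion\Run'
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies'

$hits = @(
    foreach ($hive in 'HKCU:', 'HKLM:') {
        # Autostart entries: the value name itself is the indicator.
        foreach ($n in 'mymoney', 'systemregistry', 'systrays') {
            Get-HidexlsHit "$hive\$run" $n
        }
        # Explorer restrictions listed for both hives.
        foreach ($n in 'NoFind', 'NoFolderOptions', 'NoRun') {
            Get-HidexlsHit "$hive\$pol\Explorer" $n '1'
        }
    }
    foreach ($n in 'NoTrayContextMenu', 'NoViewContextMenu') {
        Get-HidexlsHit "HKCU:\$pol\Explorer" $n '1'
    }
    foreach ($n in 'DisableCMD', 'DisableRegistryTools') {
        Get-HidexlsHit "HKLM:\$pol\System" $n '1'
    }
    # Safe Mode shell: flag it only when it points at the trojan's binary.
    foreach ($cs in 'CurrentControlSet', 'ControlSet001', 'ControlSet002') {
        Get-HidexlsHit "HKLM:\SYSTEM\$cs\Control\SafeBoot" 'AlternateShell' '*isassi.exe'
    }
)

# Running processes from the "Kill processes" list (names without .exe).
$names = 'data uang', 'excel optimise', 'isassi', 'keuangan', 'system32'
$procs = @(Get-Process -Name $names -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path)

$hits  | Format-Table -AutoSize -Wrap
$procs | Format-Table -AutoSize
"Registry hits: $($hits.Count)  Process hits: $($procs.Count)"
```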